Audit & Advisory Services Mission and Charter

Revised: September 2020

Our mission

The mission of the University of California (UC) Internal Audit (IA) program is to provide the Regents, President and Campus Chancellors with independent and objective assurance and consulting services designed to add value and to improve operations. It does this by assessing and monitoring the Campus community in the discharge of their oversight, management and operating responsibilities. IA brings a systematic, risk-based and disciplined approach to evaluating and improving the effectiveness of risk management, control and governance processes.


UC Internal Audit Mission & Charter (Office of Ethics, Compliance and Audit Services)


Audit & Advisory Services functions under policies established by The Regents of the University of California and by University management under delegated authority.

Audit & Advisory Services is authorized to have full, free and unrestricted access to information it deems necessary to perform audit, consulting/advisory services, and investigation projects and ongoing risk assessment activities, including, but not limited to, records, computer files, information systems, databases, property, and personnel of the University in accordance with the authority granted by approval of this charter and federal and state statutes. Except where limited by law, the work of Audit & Advisory Services is unrestricted. Audit & Advisory Services is free to review and evaluate all policies, procedures, and practices for any university activity, program, or function on behalf of the Board of Regents.


Independence is essential to the effectiveness of the Internal Audit Program, permitting the rendering of impartial and unbiased judgment essential to the proper conduct of audits. To that end, internal auditors will be independent of the activities they audit.

Independence is based primarily upon organizational status and objectivity: Audit & Advisory Services reports functionally to the Board of Regents through the Chief Compliance and Audit Officer (CCAO) and administratively to the Chancellor and the Senior Vice Chancellor – Administration and Finance. The Chief Audit Officer may not be released from employment without concurrence from the University President and the Chair of the Compliance and Audit Committee, upon the recommendation of the CCAO. 

Audit & Advisory Services may take directly to the Chancellor; the CCAO; the President; or the Regents matters that they believe to be of sufficient magnitude and importance. The Chief Audit Officer shall take directly to the CCAO, who shall report to the President and the Regents’ Committee on Compliance and Audit Chair, any credible allegations of significant wrongdoing (including any wrongdoing for personal financial gain) by or about the Chancellor, Executive Vice Chancellor or Vice President, or any other credible allegations that if true could cause significant harm or damage to the reputation of the University.

In performing the audit function, Audit & Advisory Services has no direct responsibility for, nor authority over, any of the activities reviewed. Therefore, the audit review process does not in any way relieve other persons in the organization of the responsibilities assigned to them.


The scope of Audit & Advisory Services work is to determine whether UC’s network of risk management, control, and governance processes, as designed and represented by management at all levels, is adequate and functioning in a manner to ensure:

  • Risk management processes are effective and significant risks are appropriately identified and managed.
  • Ethics and values are promoted within the organization.
  • Financial and operational information is accurate, reliable, and timely.
  • Employee’s actions are in compliance with policies, standards, procedures, and applicable laws and regulations.
  • Resources are acquired economically, used efficiently, and adequately protected.
  • Programs, plans, and objectives are achieved.
  • Quality and continuous improvement are fostered in the organization’s risk management and control processes.
  • Significant legislative or regulatory compliance issues impacting the organization are recognized and addressed properly.
  • Effective organizational performance management and accountability are fostered.
  • Coordination of activities and communication of information among the various governance groups occur as needed.
  • The potential occurrence of fraud is evaluated and fraud risk is managed.
  • Information technology governance supports UC’s strategies, objectives, and privacy framework.
  • Information technology security practices adequately protect information assets and are in compliance with applicable policies, rules and regulations.
  • Opportunities for improving management control, quality and effectiveness of services, and the organization’s image identified during audits are communicated by Audit & Advisory Services to the appropriate levels of management.

Professional standards

Audit & Advisory Services serves the University in a manner that is consistent with the standards established by the CCAO and acts in accordance with University policies and the UC Standards for Ethical Conduct. At a minimum, it complies with relevant professional standards such as the Institute of Internal Auditors’ mandatory guidance, including the Definition of Internal Auditing, the Code of Ethics and the International Standards for the Professional Practice of Internal Auditing. This mandatory guidance constitutes principles of the fundamental requirements for the professional practice of internal auditing and for evaluating the effectiveness of the internal audit activity’s performance.